Cryptographic Right Answers

By Wolfgang Keller
Originally written 2019-07-03
Last modified 2019-07-05

Table of contents

Links

Results (ordered as in the texts)

Encrypting Data

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:TODOTODOTODO
Avoid:TODOTODOTODO

Symmetric key length

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:256 bit
If you can get away with it:128 bit--
Avoid:-
  • constructions with huge keys
  • cipher “cascades”
  • key sizes < 128 bit

Symmetric signatures

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:HMAC
Avoid:
  • custom constructions
  • custom “keyed hash” constructions
  • HMAC-MD5
  • HMAC-SHA1
  • complex polynomial MACs
  • encrypted hashes
  • CRC

Hashing/HMAC algorithm

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:
  • SHA-256 (SHA-2)
  • SHA-512 (SHA-2) [mentioned implictly]
SHA-2
If you can get away with it:-SHA-512/256
Future prospect:Plan update to SHA-3 within next 5-10 years--
Avoid:
  • SHA-1 [mentioned implcitly]
  • MD5 [mentioned implcitly]
  • SHA-1
  • MD5
  • MD6

Random IDs

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:TODOTODOTODO
Avoid:TODOTODOTODO

Password handling

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:
  1. scrypt
     
     
  2. PBKDF2
  1. scrypt
     
  2. bcrypt
  3. PBKDF2
  1. scrypt
  2. Argon2
  3. bcrypt
  4. PBKDF2
Avoid:
  • store users' passwords
  • MD5
  • don't use password hashes at all
  • SHA-2
  • SHA-1
  • MD5
  • not using a real secure password hash
  • build elaborate password-hash-agility scheme
  • SHA-3
  • SHA-2
  • SHA-1
  • MD5

Links:

Asymmetric encryption

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:RSAES-OAEP with
  • hash function: SHA-256
  • mask generation function: MGF1+SHA256
  • public exponent: 65537 = 216 + 1
NaClNacl/libsodium (box / crypto_box)
If you can get away with it:-RSA-OAEP if you have to use RSA-
Avoid:
  • PKCS #1 v1.5
  • PKCS #1 v1.5
  • RSA
  • ElGamal
  • Merkle-Hellman knapsacks
Systems designed after 2015 that use
  • PKCS #1 v1.5
  • RSA
  • ElGamal
  • Merkle-Hellman knapsacks

Asymmetric signatures

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:RSASSA-PSS with
  • hash function: SHA-256
  • mask generation function: MGF1+SHA256
  • public exponent: 65537 = 216 + 1
TODOTODO
Avoid:TODOTODOTODO

Diffie-Hellman

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:TODOTODOTODO
Avoid:TODOTODOTODO

Website security

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:TODOTODOTODO
Avoid:TODOTODOTODO

Client-server application security

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do:TODOTODOTODO
Avoid:TODOTODOTODO

Online backups

Percival, 2009 Ptacek, 2015 Latacora, 2018
Do: Tarsnap

Results (ordered by agreement)

TODO